oss-sec mailing list archives

Re: CVE id request: Clamav

From: Eren Türkay <turkay.eren () gmail com>
Date: Tue, 17 Jun 2008 10:38:13 +0300

On 15 Jun 2008 Sun 14:21:30 Steffen Joeris wrote:

The upstream changelog says:
* libclamav/petite.c: fix possible invalid memory access (bb#1000)
                                Reported by Damian Put


Hello,

Here is another upstream log, I suspect that this is a security fix too.

  * libclamav/mbox.c, shared/network.c: prevent uninitialized use of hostent
  structure (bb #1003).

The bug entry says that after zip file's arriving at clamd, it suddenly dies 
and nothing can be retrieved thereafter. Clamav developer also comfirms that 
this happens when MailFollowURLs is enabled.

Could someone take a look at this issue?

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1003

Current thread:

CVE id request: Clamav Steffen Joeris (Jun 15)
- Re: CVE id request: Clamav Tomas Hoger (Jun 16)
- Re: CVE id request: Clamav Steven M. Christey (Jun 16)
- Re: CVE id request: Clamav Eren Türkay (Jun 17)
  - Re: CVE id request: Clamav Eren Türkay (Jun 17)
    - Re: CVE id request: Clamav Török Edwin (Jun 17)